Cryptography-Digest Digest #649, Volume #11      Thu, 27 Apr 00 22:13:01 EDT

Contents:
  Intel drops serial number (Roger)
  Re: public/private encryption keys and biometrics (Arthur Dardia)
  Re: sci.crypt think will be AES? (Bryan Olson)
  Re: factor large composite (David A Molnar)
  Re: The Illusion of Security (David A Molnar)
  Re: Karatsuba threshold (Scott Contini)
  Re: sci.crypt think will be AES? (Bryan Olson)
  Re: public/private encryption keys and biometrics ("Lyalc")
  Re: [OT] Re: U-571 movie ([EMAIL PROTECTED])
  Re: U-571 movie ([EMAIL PROTECTED])
  Re: U-571 movie ([EMAIL PROTECTED])
  Re: Help: encrypting bit fields (Thierry Moreau)
  Re: sci.crypt think will be AES? (Bryan Olson)

----------------------------------------------------------------------------

From: Roger <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Intel drops serial number
Date: Thu, 27 Apr 2000 15:50:04 -0700

The article doesn't say anything about the random number generator.
I couldn't find a press release at intel.com.

http://yahoo.cnet.com/news/0-1006-200-1773089.html?pt.yfin.cat_fin.txt.ne

Intel to phase out serial number feature 
By Michael Kanellos
Staff Writer, CNET News.com
April 27, 2000, 3:15 p.m. PT 
Intel will phase out its practice of stamping serial numbers on its
processors with the next generation of chips, the final chapter in a
public relations fiasco. 

Intel spokesman Howard High confirmed today that the company will not
include serial numbers on the next generation of its processors,
code-named Willamette, that will be released later this year. The
identification numbers will continue to be used in the Pentium III and
recent versions of the Celeron. 

Privacy advocates applauded Intel's move. 

"We're very happy that Intel has seen the light on this issue and
recognized the sensitivity that many users have about permanent
identifiers being embedded in their machines," said David Sobel, general
counsel at the Electronic Privacy Information Center EPIC. "This is a
great victory for anonymity, which is what this has always been about.
It validates our sense that most users value anonymity and are resistant
to any technology that interferes with their ability to remain anonymous
online." 

The issue was a major public relations fiasco for Intel. In early 1999,
the company revealed a plan to stamp each processor with a distinct
number. Consumers were then expected to use the number as a form of
identification, similar to a password, to enter protected Web sites. 

Privacy advocates, however, claimed that the number could be used to
track people's Web travels. Analysts and security experts largely
debunked many of these claims. The serial numbers, for instance, weren't
serialized--they were random. The use of the number was also cloaked in
various encryption techniques. Besides, easier ways existed to track
people, some analysts pointed out. 

Privacy advocates eventually gained the upper hand. Intel agreed to
disable the feature so that it wouldn't be "on" automatically. Instead,
a consumer would have to enable the feature. 

Additionally, few Web sites adopted the serial number feature for
security purposes, High said. 

"About the only place we saw it used was internally (in corporations)
for asset management," he said. "It never caught on in the mainstream." 

However, "It made us aware of some of their (privacy advocates')
concerns and issues," he added.

------------------------------

From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: Re: public/private encryption keys and biometrics
Date: Thu, 27 Apr 2000 19:12:21 -0400

[EMAIL PROTECTED] wrote:

> I need some information.  My company is looking for software that
> incorporates public/private key encryption with biometrics.  Or at least
> a company that offers an SDK (software development kit) that will allow
> us to mesh the two.
>
> Our primary goal is to substitute biometrics (fingerprint or photo) for
> the passphrase when creating a key.
>
> Anyone have any leads?  I am sure there must be a company out there that
> does.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.

Very secure choice of security in my eyes, as long as it's implemented
properly.

Homepage of Compaq Fingerprint Identification Technology:
http://www.compaq.com//products/options/fit/index.html

Review of Compaq Fingerprint Identification Technology:
http://web.zdnet.com/pcmag/features/biometrics/387165.html

The only way I can see using these fingerprints to generate passphrases
would be to somewhat translate the minutiae datapoints into a text and use
that as your passphrase.  How would you go about using this?  Maybe an SDK
comes with the Compaq FIT that'll allow you to dump the data via fstream.h.
Shouldn't be too hard to hack, and at $99 a pop, not too expensive.

--
Arthur Dardia      Wayne Hills High School      [EMAIL PROTECTED]
 PGP 6.5.1 Public Key    http://www.webspan.net/~ahdiii/ahdiii.asc

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Thu, 27 Apr 2000 23:37:51 GMT

Richard Parker wrote:
>
> Presumably at least some of those who are aware of
> the AES process and who hold a patent that they
> feel is infringed upon by one of the AES candidates
> would have contacted the author by now.  While
> comforting, this of course does not rule out the
> possibility that someone hopes to make money by
> deliberately not making public the fact that one of
> the AES finalists infringes on one of their patents
> in the hope that the infringing algorithm is chosen
> as the AES winner.

I don't think that's a threat.  If they _deliberately_
frustrate NIST's attempt to avoid inflicting damages, even
by keeping quiet, then they've operated in bad faith and are
not entitled to collect on the damages.

There is still an unavoidable chance that someone will
discover they have a patent claim against the AES after
it's approved, possibly because they are unaware of the
issue.

--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: 27 Apr 2000 23:45:26 GMT

Johnny Bravo <[EMAIL PROTECTED]> wrote:
>>> There isn't much need to check each SETI packet 3 times. :)
>>
>>Remember the thread here a few months ago on evil and modified SETI@Home
>>clients?

>   Yeah, but those clients were just returning bogus information so
> that the score for that person was inflated.  The SETI@Home people
> were asking about ways to prevent that from happening.

Yeah - that's why you check each packet 3 times. If you ever see someone
return bogus information -- as indicated by disagreements among the 3
checks -- then you can check it yourself. Afterwards set the score of
liars to zero. 


> "The most merciful thing in the world, I think, is the inability
> of the human mind to correlate all its contents." - HPL

anyone know if the Cthulhu 2000 press kit is out yet?

Thanks, 
-David

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: 27 Apr 2000 23:41:32 GMT

Diet NSA <[EMAIL PROTECTED]> wrote:

> No one knows if P != NP can even be proven, so "when some bright
> person proves P != NP" may be never. Even if it were proven I
> don't see how such a proof would automatically lead to NP-hard
> crypto. (Note that all cryptosystems based on the knapsack

It may not. AFAIK it is possible that P != NP, but no one-way functions
exist (or at least none useful for cryptography). Papadimitriou's textbook
has a chapter covering this which I should really work through soon...

Russell Impagliazzo has a paper which touches on this question in
the context of Levin-style average case complexity theory. Searching for
his web page should bring it up.


> problem, which is an NP-complete problem, have been shown to be
> insecure).

AFAIK, there was no proof that any of those cryptosystems was as hard as
the general knapsack problem. At best they were conjectured to be
as hard to solve as a class of specially constructed knapsacks. So while
the knapsack (and later the lattice) experience is discouraging, I'm not
sure how much it says about the possibility of basing crypto on
NP-complete problems. 

For a much more informed take on the concept, you might try Goldwasser &
Goldreich "On The Possibility of Basing Cryptography on the Assumption
that P \neq NP" at

http://philby.ucsd.edu/cryptolib/1998/98-05.html

although it mostly considers public-key cryptography (no surprise
given the authors)

The paper first brings up Brassard's Theorem, which has shown up here
before -- informally, if a cryptosystem exists which is NP-hard to
"break", then NP = coNP (there are a few more conditions too, like 
the set of public keys is in coNP). It notes that the theorem doesn't say
anything about randomized public key cryptosystems, and then goes on to
give extensions for such randomized systems. They conclude that a
cryptosystem based on an NP-hard problem might be possible, but it will
require a special kind of reduction which they define...and so the
question is open. 

Thanks, 
-David

------------------------------

From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: Karatsuba threshold
Date: 28 Apr 2000 00:27:10 GMT

In article <[EMAIL PROTECTED]>,
Mark Wooding <[EMAIL PROTECTED]> wrote:
>Scott Contini <[EMAIL PROTECTED]> wrote:
>
>> Moreover, two of the recursive calls are actually squaring operations -
>> so one should have optimized Karatsuba squaring and optimized classical
>> multiply squaring (taking advantage of symmetry).
>
>Err.  I thought that Karatsuba-Ofman worked on the identity
>
>  (u b + v)(x b + y) == u x b^2 + ((u + v)(x + y) - u x - v y) b + v y
>
>(where b is some convenient value about half the size of each of the two
>numbers being multiplied).
>
>The three multiplications are, then, u x, v y and (u + v)(x + y).  None
>of these looks like a squaring to me.  Of course, if I'm wrong, I get an
>opportunity to improve my MP library's performance. ;-)
>
>-- [mdw]


Sorry, you are right.  I think I was thinking about Karatsuba squaring:

(u b + v)^2 =  u^2 b^2 + ( (u + v)^2 - u^2 - v^2) b + v^2

Even then, I am still wrong, since this is actually 3 squarings and
no ordinary multiplies.

Scott
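A worked version of the two identities in this exchange, as an added example rather than code from anyone in the thread: Karatsuba multiplication (three general products, none of them a square) beside Karatsuba squaring (three squarings, no general products), with an operation counter to confirm which kind of sub-operation each recursion actually uses. THRESHOLD_BITS and the sample operands are constructed values, and the split point is b = 2**k with k about half the operand size.

```python
# Added example: Karatsuba multiply and square on Python big ints.
# Assumptions: nonnegative integers; split at b = 2**k; THRESHOLD_BITS is a
# constructed cut-over size, not a tuned one.
from collections import Counter

THRESHOLD_BITS = 32          # below this, fall back to the builtin product
ops = Counter()              # counts which kind of operation each step uses


def _split(n: int, k: int) -> tuple:
    """Return (hi, lo) with n == hi * 2**k + lo."""
    return n >> k, n & ((1 << k) - 1)


def karatsuba_mul(a: int, b: int) -> int:
    """(u b + v)(x b + y) = u x b^2 + ((u + v)(x + y) - u x - v y) b + v y."""
    if a.bit_length() <= THRESHOLD_BITS or b.bit_length() <= THRESHOLD_BITS:
        ops["base_mul"] += 1
        return a * b
    ops["mul_step"] += 1
    k = max(a.bit_length(), b.bit_length()) // 2
    u, v = _split(a, k)
    x, y = _split(b, k)
    ux = karatsuba_mul(u, x)                       # three general products,
    vy = karatsuba_mul(v, y)                       # none of them a square
    mid = karatsuba_mul(u + v, x + y) - ux - vy
    return (ux << (2 * k)) + (mid << k) + vy


def karatsuba_sqr(a: int) -> int:
    """(u b + v)^2 = u^2 b^2 + ((u + v)^2 - u^2 - v^2) b + v^2."""
    if a.bit_length() <= THRESHOLD_BITS:
        ops["base_sqr"] += 1
        return a * a
    ops["sqr_step"] += 1
    k = a.bit_length() // 2
    u, v = _split(a, k)
    u2 = karatsuba_sqr(u)                          # three squarings,
    v2 = karatsuba_sqr(v)                          # no general products
    mid = karatsuba_sqr(u + v) - u2 - v2
    return (u2 << (2 * k)) + (mid << k) + v2


def profile(fn, *args) -> tuple:
    """Run fn, returning its result and the per-kind operation counts."""
    ops.clear()
    result = fn(*args)
    return result, dict(ops)


if __name__ == "__main__":
    a, b = 3 ** 200, 7 ** 150                      # constructed operands
    prod, mul_ops = profile(karatsuba_mul, a, b)
    sq, sqr_ops = profile(karatsuba_sqr, a)
    assert prod == a * b and sq == a * a
    print("multiply:", mul_ops)                    # only *_mul entries
    print("square:  ", sqr_ops)                    # only *_sqr entries
```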



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Fri, 28 Apr 2000 00:32:51 GMT

Trevor L. Jackson, III wrote:

> AFAICT, patents are not subject to antitrust law because
> the very essence of the concept of a patent is the
> temporally limited monopoly it provides.

No, it's much more complex.  Attempts to extend the
limited monopoly in an unfair way often fall afoul
of anti-trust law.  What is "unfair" seems to be up
to a court's discretion.

[...]
> The phrase "would have access to good patent counsel"
> is probably the cause of the problem.

Relax.  Setting Federal standards is what NIST does
and if we judge by results, they clearly do an excellent
job of avoiding such problems.



--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: public/private encryption keys and biometrics
Date: Fri, 28 Apr 2000 11:05:20 +1000

Interesting conjunction of ideas
"implemented properly" followed by links to PC software based solutions.

Implemented, yes but properly?

Hard to justify in the context of a security discussion group

a couple of cents worth of musing

lyal


Arthur Dardia wrote in message <[EMAIL PROTECTED]>...
>[EMAIL PROTECTED] wrote:
>
>> I need some information.  My company is looking for software that
>> incorporates public/private key encryption with biometrics.  Or at least
>> a company that offers an SDK (software development kit) that will allow
>> us to mesh the two.
>>
>> Our primary goal is to substitute biometrics (fingerprint or photo) for
>> the passphrase when creating a key.
>>
>> Anyone have any leads?  I am sure there must be a company out there that
>> does.
>>
>> Sent via Deja.com http://www.deja.com/
>> Before you buy.
>
>Very secure choice of security in my eyes, as long as it's implemented
>properly.
>
>Homepage of Compaq Fingerprint Identification Technology:
>http://www.compaq.com//products/options/fit/index.html
>
>Review of Compaq Fingerprint Identification Technology:
>http://web.zdnet.com/pcmag/features/biometrics/387165.html
>
>The only way I can see using these fingerprints to generate passphrases
>would be to somewhat translate the minutiae datapoints into a text and use
>that as your passphrase.  How would you go about using this?  Maybe an SDK
>comes with the Compaq FIT that'll allow you to dump the data via fstream.h.
>Shouldn't be too hard to hack, and at $99 a pop, not too expensive.
>
>--
>Arthur Dardia      Wayne Hills High School      [EMAIL PROTECTED]
> PGP 6.5.1 Public Key    http://www.webspan.net/~ahdiii/ahdiii.asc



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: [OT] Re: U-571 movie
Date: Thu, 27 Apr 2000 18:22:16 -0700

On Wed, 26 Apr 2000 17:17:17 GMT, [EMAIL PROTECTED] wrote:

>[EMAIL PROTECTED] wrote:
>> The Americans never did get wise till late in the war.
>> Although the Purple and Naval dispatch codes were broken early in
>> 1937. Makes you wonder why Pearl Harbor happened. Sort of like getting
>> the U.S. involved in WW1. Lies told to the masses.........
>
>A good portion of the blame for Pearl Harbor rests with the policy of
>not manning the new radar installation on the north shore of the
>island 24-7 as well as the officer who told the two techs that were
>practicing with the equipment past the closing hour that the planes
>they were reading were a delivery of new bombers.

It was my understanding that the US had broken Purple and two Japanese
Naval codes before 1935. The information about the attack was
purported (Kahn, "Codebreakers") to have been sent as early as
September of 41. That information was sent to Berlin and was
intercepted by the British, but not forwarded as it might give away
that the British had an Enigma machine.



>Of course, hindsight is always 20/20. On the morning of the raid,
>radar was in its infancy (not even standard on ships yet!) and
>_everyone_ knew that the Japanese would _never_ attack the US.

Sarcasm plays badly, but I get the message.

"Why, France would never harm the US in Europe, we're friends"
*sarcasm*


Liam
Sed Quis Custodiet Ipsos Custodes?

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: U-571 movie
Date: Thu, 27 Apr 2000 18:32:21 -0700

On Wed, 26 Apr 2000 12:45:26 -0600, "Tony T. Warnock"
<[EMAIL PROTECTED]> wrote:

>> Although the Purple and Naval dispatch codes were broken early in
>> 1937. Makes you wonder why Pearl Harbor happened. Sort of like getting
>> the U.S. involved in WW1. Lies told to the masses.........
>
>For one thing, the attack order on Pearl was never sent over Purple, Naval
>Dispatch, Orange, etc. The Japanese fleet kept radio silence. The Americans
>knew something was up but they guessed that Manila or Taiwan would be the
>target. This was before satellites or even long range aerial surveillance. It
>was a well-planned attack (not necessarily well motivated.)

IIRC, from the information I've gained from Kahn, The History Channel
broadcast and other material, the Purple and two Naval codes were
broken about 1935. The details of the attack were sent as early as
September of 41; the British were party to that information via
Bletchley and Enigma. The attack was successful because the right
people were silent when they might have shouted what they knew.
America needed to be involved in the War for economic reasons.
It was a good move, but not one that would have been popular in the
press.

>A few months later at Midway, the USN did use their knowledge of Japanese
>codes.

And to a very good result.

>Purple, Orange, Coral, etc. were broken with only cyphertext. The
>reconstructed codebreaking machines along with parts of some Japanese coding
>machines can be seen at the NSA museum. The resemblance is uncanny.

A Purple machine was captured in Singapore and smuggled out in 1937? I
think. My Father knew of six machines in American hands in 1943 in the
Solomons area. We've spoken of this many times. His understanding was
that Roosevelt needed a big enough excuse to get the US involved in
the war. Pearl Harbor was it.

From my own reading, it was simply a matter of the right information
not being taken seriously enough by the right people. In my opinion,
the US allowed Pearl Harbor to happen in order to become involved in
the war for economic and political reasons having nothing to do with
the "Right over Evil" sort of thing I was taught in school years ago.

Sed Quis Custodiet Ipsos Custodes?

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: U-571 movie
Date: Thu, 27 Apr 2000 18:39:25 -0700

On Thu, 27 Apr 2000 17:36:09 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>[EMAIL PROTECTED] wrote:
>> The Americans never did get wise till late in the war.
>
>Get wise to what?  Americans were extensively involved
>with the Enigma cracking effort, both at Bletchley Park
>and Stateside.

The Americans were not involved with Bletchley until after 1942.
There were Americans AT Bletchley, but not as a part of a US presence,
simply in the role of codebreakers and espionage agents.
Most American commanders were not aware of the fact that Bletchley had
even broken the German codes, much less that the Enigma Machine had
been captured and duplicated. Only a very few American commanders were
ever entrusted with the knowledge about Bletchley and Enigma. If it had
been common knowledge, why keep it secret until after 1959? The
British certainly denied it until then.

In any event, the movie is not supposed to be factual, but then what
out of Hollywood ever is.

Sed Quis Custodiet Ipsos Custodes?

------------------------------

From: Thierry Moreau <[EMAIL PROTECTED]>
Subject: Re: Help: encrypting bit fields
Date: Thu, 27 Apr 2000 14:54:00 -0500

Paul Rubin wrote:

> In article <[EMAIL PROTECTED]>,
> Runu Knips  <[EMAIL PROTECTED]> wrote:
> >Paul Rubin wrote:
> >> Say I want to encrypt a bit field (37 bits, for example) and get
> >> back another 37-bit field.  E.g. I want to simulate a 37-bit codebook
> >> cipher.  Alternatively, say I want to encrypt an integer range, such
> >> as 10-digit decimal integers.
> >
> >Can anyone explain to me why he doesn't just use CFB mode ?
>
> No space in the output to store an IV.  Output must be same length as input.

If you don't have space for an IV, then I suppose you have no space for a
session key cryptogram of any kind, so you revert to the ECB (Electronic Code
Book) mode of operation based on a long-term secret key, which is vulnerable to
the ciphertext replay attack. What is your threat model anyway? This reminds me
of the Dallas 5001 "secure microprocessor" which was inherently flawed with an
8-bit encryption block, and then hacked with much publicity by a skilled
electronic engineer.

- Thierry Moreau



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Fri, 28 Apr 2000 01:44:02 GMT

Terry Ritter wrote:
> Richard Parker wrote:

> >Presumably at least some of those who are aware
> >of the AES process and who hold a patent that they
> >feel is infringed upon by one of the AES candidates would
> >have contacted the author by now.
>
> Why would the patent holders contact *anybody*?

Because they operate in good faith.  This isn't just an
issue in cryptography; standards committees in all areas ask
about assertions of patent rights, and reputable companies
answer.


> Patents
> are about money: licenses and use.  It is only when
> things go into production that patent holders would get
> serious.

[...]
> >While comforting, this of course does not rule out the
> >possibility that someone hopes to make money by
> >deliberately not making public the fact that one of the
> >AES finalists infringes on one of their patents in the
> >hope that the infringing algorithm is chosen as the
> >AES winner.
>
> Comforting or not, it obviously is *not* a matter of
> "deliberately not making public," since patents *are*
> public.  Indeed, US patents are issued by the Commerce
> Department, the parent of NIST, and if *they* don't
> know what they have done, that is their problem.

I don't think your legal theory will hold up. As Richard set
up the hypothetical situation, the potential plaintiff knows
he has the opportunity to avoid incurring any damages, but
deliberately does not respond so that he can later sue for
those damages.  That will fail the common-law requirement of
good faith.

> Nor does a patent holder necessarily *know* what infringes:  A patent
> is a *legal* document, intended to "read on" as much technology as
> possible.  The inventor may have a narrow personal interpretation
> which is only tiny subset of the owned technology.  It may take a
> *patent* *lawyer* to understand that a particular patent actually
> covers something which seems distinct to the inventor.

Alas, patent lawyers do not reliably determine infringement
either.  There is a chance that a claim will come up which
was not known at the time, but NIST has a fine reputation
for avoiding such problems.


--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
